• Say What You Do Products
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification
• Administrative Management
• Workplace Policy Development and Management
• Facilities, Fleet, and Equipment Management
• Travel
• Help Desk Services
• Physical Security Management
• Compliance Development and Enforcement
• Standards Setting/Reporting Guideline Development
• Policies, Standards, and Procedures Publication
• Policy and Guidance Development
• Public Comment Tracking
• Regulatory Creation
• Inspections and Auditing
• Controls and Oversight
• Program Evaluation
• Corrective Action
• Program Monitoring
• Credit and Insurance
• General Insurance
• Loan Guarantees
• Direct Loans
• Education
• Higher Education
• Elementary, Secondary, and Vocational Education
• Financial Management
• Budget & Finance
• Financial Reporting Information
• Asset & Liability Management
• Accounting
• Payments
• Unemployment Compensation
• Collections and Receivables
• General Retirement and Disability Program Management
• General Organizational Support
• Taxation management (governmental agencies)
• Centralized Fiscal Operations
• Legal Functions
• Records and Statistics Management
• Centralized Personnel Management
• Property Management
• General Executive Functions
• Staff Income Information
• Benefits Entitlement Event Information
• Representative Payee Information
• Strategic Executive Functions
• Personal Identity and Authentication
• Goods and Services Creation and Management
• Facilities and Infrastructure Management
• Goods and Services Production
• Construction
• Healthcare
• Health Care Services
• Consumer Health and Safety
• Human Resources
• Personnel Management
• Security Clearance Management
• Benefits Management
• Worker Safety
• Labor Rights Management
• Staff Recruitment and Employment
• Payroll Management and Expense Reimbursement
• Resource Training and Development
• Information & Technology Management
• System Development
• Information Management
• Record Retention
• IT Security
• IT Infrastructure Maintenance
• System Maintenance
• Lifecycle/Change Management
• Internal Risk Management and Mitigation
• Disaster Preparedness and Planning
• Contingency Planning
• Continuity of Operations
• Service Recovery
• Emergency Response
• Law Enforcement
• Criminal Apprehension
• Criminal Investigation and Surveillance
• Citizen Protection
• Property Protection
• Crime Prevention
• Legal, Litigation, and Judicial
• Judicial Hearings
• Legal Defense
• Legal Investigation
• Legal Litigation
• Resolution Facilitation
• Permits and Licensing
• Planning and Resource Allocation
• Strategic Planning
• Enterprise Architecture
• Budget Formulation
• Capital Planning
• Budget Execution
• Workforce Planning
• Management Improvement
• Research Operations
• Public Affairs
• Customer Services
• Official Information Dissemination
• Public Relations
• Product Outreach
• Revenue Collection
• Debt Collection
• Staff Fee Collection
• Organizational Asset Sales
• Supply Chain Management
• Inventory Control
• Logistics Management
• Goods Acquisition
• Services Acquisition
• Advising and Consulting
• Knowledge Dissemination
• Third Party Relations
• Third Party Program Project Information
• Third Party Liaison
• Third Party Program Proposal Development
• Third Party Program Tracking

Supports the operations surrounding the management of the official documents and records for an organization. The overall accountability rating for this information classification is Low.

Confidentiality level = Low

The confidentiality impact level is the effect of unauthorized disclosure of record retention information on the ability of responsible organizations to store, track, account for, maintain, retrieve, and disseminate official documents and records. When the data being retained belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is at least that of the highest impact information type collected. Typically, the unauthorized disclosure of most business management information retained will have only a limited adverse effect on organizational operations, assets, or individuals. trade secret information and trade secret systems are outside the scope of this guideline.

Known mitigating factors toward changing the confidentiality level

Where more sensitive information is involved, it will most commonly be personal information subject to the various state and international privacy laws or information that is proprietary to a corporation or other organization. The various state and international privacy laws Information provisional impact levels are documented in the Personal Identity and Authentication information type. Such information will often be assigned a moderate confidentiality impact level. Where any of the information to be collected can reasonably be expected to have a high confidentiality impact level, then the record retention system must be assigned a high confidentiality impact level. In some cases, the impact assessment should consider that the aggregate of information retained might have a higher confidentiality impact than any individual information element.

Integrity level = Low

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.

Known mitigating factors toward changing the integrity level

Where integrity compromise adversely affects the ability of an organization to access its records or results in erroneous back-up information or archives, the impact on organizational operations can be serious. In such cases, the integrity impact level would be moderate. In the case of large-scale archives or archives involving key organizational assets (e.g., organizational archives), the integrity impact can be particularly severe and the impact level would be high.

Availability level = Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to record retention information. Functions and processes supported by most record retention information are not time-critical. Record retention processes are generally tolerant of reasonable delays. In most cases, disruption of access to record retention information can be expected to have only a limited adverse effect on organizational operations, organizational assets, or individuals. Not many business management systems perform functions for which temporary loss of availability can cause significant degradation in mission capability, place the organization at a significant disadvantage, result in major damage to assets, or pose a threat to human life.